From 52d3346180254246bfd74ef654b763f130818557 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
Date: Sat, 16 Mar 2024 16:38:05 +0100
Subject: [PATCH] random: Use CSPRNG for CombinedLCG seeding

Now that the CombinedLCG is no longer used within GENERATE_SEED(), we can
safely use the CSPRNG with a php_random_generate_fallback_seed() fallback to
seed the CombinedLCG.
---
 ext/random/engine_combinedlcg.c | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/ext/random/engine_combinedlcg.c b/ext/random/engine_combinedlcg.c
index 8874998f33230..ebecf9975f9cb 100644
--- a/ext/random/engine_combinedlcg.c
+++ b/ext/random/engine_combinedlcg.c
@@ -107,23 +107,12 @@ const php_random_algo php_random_algo_combinedlcg = {
 /* {{{ php_random_combinedlcg_seed_default */
 PHPAPI void php_random_combinedlcg_seed_default(php_random_status_state_combinedlcg *state)
 {
-	struct timeval tv;
+	uint64_t seed = 0;
 
-	if (gettimeofday(&tv, NULL) == 0) {
-		state->state[0] = tv.tv_usec ^ (tv.tv_usec << 11);
-	} else {
-		state->state[0] = 1;
+	if (php_random_bytes_silent(&seed, sizeof(seed)) == FAILURE) {
+		seed = php_random_generate_fallback_seed();
 	}
 
-#ifdef ZTS
-	state->state[1] = (zend_long) tsrm_thread_id();
-#else
-	state->state[1] = (zend_long) getpid();
-#endif
-
-	/* Add entropy to s2 by calling gettimeofday() again */
-	if (gettimeofday(&tv, NULL) == 0) {
-		state->state[1] ^= (tv.tv_usec << 11);
-	}
+	php_random_combinedlcg_seed64(state, seed);
 }
 /* }}} */